Research on command obfuscation bypass detection based on random forest algorithm
Abstract: The "command filtering" function in operation and maintenance security devices can only filter malicious code in the blacklist, and cannot effectively identify and prevent the use of special methods to bypass this function. To address this problem, this paper proposes an algorithm based on random forest, which can accurately identify command execution statements containing malicious code. Firstly, this paper introduces four methods of command obfuscation bypass, which are used to evade keywords in the blacklist and perform command execution. Then, in order to solve these risks, the command obfuscation code is taken into account in the feature selection stage of the model, and various features are used to train and adjust the weights of the random forest model, so as to improve the recognition rate and accuracy of the model detection for added command obfuscation attacks. The experimental results show that the method proposed in this paper can timely identify and deal with command obfuscation attacks, thus better ensuring the secure operation of servers.
Authors: Qi Zhenyan; Sun Yongqing (The Third Research Institute of the Ministry of Public Security, Shanghai 200030, China)
Source: Cyber Security and Data Governance (网络安全与数据治理), 2023, No. 6, pp. 66-70 (5 pages)
Keywords: command obfuscation; operation and maintenance management equipment; random forest; network security